[Bug 83065] Re: Request: Update ClamAV

Scott Kitterman ubuntu at kitterman.com
Thu Jul 12 18:25:48 BST 2007


As an interim measure we want to go ahead and backport 0.88.7 while we
work out the API change issues with 0.9x.  Debian/changelog since the
last Edgy version (in edgy-security):

clamav (0.88.7-1ubuntu1) feisty; urgency=low

  * Merge from debian unstable, remaining changes:
    - debian/clamav-base.init-stub, debian/clamav-daemon.init,
      debian/rules: init script stub for common setup functions.

 -- Kees Cook <kees at ubuntu.com>  Tue, 12 Dec 2006 16:04:26 -0800

clamav (0.88.7-1) unstable; urgency=medium

  * New upstream version
    [ CVE-2006-6406 ] MIME encoding scan bypass (closes: #401873)
    [ CVE unavailable ] Nested multipart recursion DoS (closes: #401874)

 -- Stephen Gran <sgran at debian.org>  Tue, 12 Dec 2006 00:38:02 +0000

clamav (0.88.6-1ubuntu1) feisty; urgency=low

  * Merge from debian unstable.
  * Remaining Ubuntu changes:
    - debian/clamav-base.init-stub, debian/clamav-daemon.init,
      debian/rules: init script stub for common setup functions.

 -- Kees Cook <kees at ubuntu.com>  Tue, 28 Nov 2006 21:22:48 -0800

clamav (0.88.6-1) unstable; urgency=low

  * New upstream version
    - incorporates freshclam non-block patch, thus dropping it from patches/

 -- Stephen Gran <sgran at debian.org>  Mon,  6 Nov 2006 11:19:38 +0000

clamav (0.88.5-3) unstable; urgency=low

  * Fix broken configure.in patch.  Never mattered on systems where sendmail
    wasn't installed, but would make the build system fail to pick up local
    versions of sendmail on custom arrangements

 -- Stephen Gran <sgran at debian.org>  Mon, 23 Oct 2006 23:18:59 +0100

clamav (0.88.5-2) unstable; urgency=high

  * Fix FTBFS with nullmailer (closes: #393672)
  * Urgency high because this was keeping security fixes out of testing
  * Noted here since they were unavailable at previous upload time:
    - IDEF1597 is CVE-2006-4182 (libclamav/rebuildpe.c)
    - IDEF1736 is CVE-2006-5295 (libclamav/chmunpack.c)

 -- Stephen Gran <sgran at debian.org>  Thu, 19 Oct 2006 12:30:07 +0100

clamav (0.88.5-1) unstable; urgency=medium

  * New upstream version
    - libclamav/rebuildpe.c: fix possible heap overflow [IDEF1597]
    - libclamav/chmunpack.c: fix possible crash [IDEF1736]
    - urgency medium for this reason

 -- Stephen Gran <sgran at debian.org>  Mon, 16 Oct 2006 01:40:57 +0100

clamav (0.88.4-4) unstable; urgency=low

  * Versioned build-dep on dpkg-dev so I can use ${binary:Version}
  * Actually remove Magnus this time
  * Add Recommends clamav-base to clamav (closes: #391038)
  * Fix parse problem is slurp_config() (closes: #384046)

 -- Stephen Gran <sgran at debian.org>  Sun,  8 Oct 2006 13:39:15 +0100

clamav (0.88.4-3) unstable; urgency=low

  * Move logrotate handling to clamav-daemon.postrm (closes: #384011)
  * Apply upstream freshclam timeout patch (closes: #334911, #382353)
  * Actually install changelogs, symlink other docs.
  * Make binary packages binNMU'able
  * lsb init comments added to init scripts
  * Remove Magnus from Uploaders field, as it looks like he's really not
    coming back to it.  Thanks for all your work, Magnus!
  * Add shlibsdeps to clamav-dbg

 -- Stephen Gran <sgran at debian.org>  Mon,  2 Oct 2006 19:47:06 +0100

clamav (0.88.4-2) unstable; urgency=low

  * Just to note here for the security team, 0.88.4-1 fixed
    [CVE-2006-4018]: libclamav/upx.c: buffer overflow
    (CVE unavailable at upload time)
  * Fix up arguments to start_daemon() in init scripts (closes: #382092)
  * Fix override disparity

 -- Stephen Gran <sgran at debian.org>  Tue,  8 Aug 2006 21:38:43 +0100

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-4018

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-4182

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-5295

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2006-6406

** Changed in: edgy-backports (upstream)
       Status: Invalid => Incomplete

** Summary changed:

- Request: Update ClamAV
+ Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty

** Description changed:

  Please backport ClamAV 0.88.7 to edgy.  This release includes security
- updates.
+ updates.  See the comment below for changelog.

-- 
Please backport clamav 0.88.7-1ubuntu1 to edgy from feisty
https://bugs.launchpad.net/bugs/83065
You received this bug notification because you are a member of Ubuntu
Backporters, which is the bug contact for Edgy Backports.



More information about the ubuntu-backports mailing list